New extension method of trusted certificate chain in virtual platform environment
When trusted computing technology is used to build a trusted virtual platform environment, how to reasonably extend the underlying physical TPM's certificate chain into the virtual machine environment is an open problem. At present, the certificate trust extension schemes are not perfect: either there i...
Field | Value
---|---
Main Authors | Liang TAN, Neng QI, Lingbi HU
Format | Article
Language | zho
Published | Editorial Department of Journal on Communications, 2018-06-01
Series | Tongxin xuebao
Subjects | trusted computing; virtual platform; trusted platform module; vTPM; certificate chain extension
Online Access | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018090/
author | Liang TAN Neng QI Lingbi HU |
collection | DOAJ |
description | When trusted computing technology is used to build a trusted virtual platform environment, how to reasonably extend the underlying physical TPM's certificate chain into the virtual machine environment is an open problem. Existing certificate trust extension schemes are imperfect: some violate the TCG specifications, some produce inconsistent TPM and vTPM certificates, some introduce key redundancy, some place a performance burden on the privacy CA, and some cannot extend certificate trust at all. To address this, a new extension method for the trusted certificate chain is proposed. First, a new class of certificate called VMEK (virtual machine extension key) is added to the TPM, together with a management mechanism for VMEK certificates; its main feature is that the VMEK key is not transferable and can be used to sign and encrypt data both inside and outside the TPM. Second, the VMEK certificate is used to sign the vTPM's vEK, building the trust relationship between the underlying TPM and the virtual machine and thereby extending the trusted certificate chain into the virtual machine. Finally, the VMEK certificate, its management mechanism, and VMEK-based certificate trust extension are implemented in Xen. Experimental results show that the proposed scheme effectively realizes remote attestation for the virtual platform. |
format | Article |
id | doaj-art-56f141614a15465b884c9fc03813282a |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2018-06-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | New extension method of trusted certificate chain in virtual platform environment |
topic | trusted computing; virtual platform; trusted platform module; vTPM; certificate chain extension |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2018090/ |